Title: IT SYSTEMS SECURITY RISK ANALYSES

INFORMATION ASSURANCE SECTION (IAS)
ACCREDITATION UNIT (AU)

DIGITAL COLLECTION SYSTEM 3000 (DCS-3000)
ACCREDITATION DECISION:

SECURITY CHARACTERISTIC AND TIER LEVEL
DESIGNATION FOR DCS-3000


Synopsis: Designate the DCS-3000 Tier Level, Mode of
Operation, determine the Confidentiality, Integrity,
Availability Levels, Boundary description, and name the key
Certification and Accreditation Team Members.


Administrative: DCS-3000 Accreditation Boundary Diagram,
dated 05/1/2006.


Details: As a result of correspondence and meetings with the
Accreditation Representative, Information System Security
Manager, Information System Security Officer, Certification
Representative, the DCS-3000 Program Manager and System
Administrator, the following security characteristics and Tier
Level have been determined and agreed upon.

The Levels of Concern (LoC) are Medium for
Confidentiality, Medium for Integrity, and Medium for
Availability. DCS-3000 is a Sensitive but Unclassified (SBU)
system operating in the System High Mode of Operation. The
DCS-3000 has been assessed as Tier Level 2 in accordance
with the FBI Certification and Accreditation Handbook.

ALL INFORMATION CONTAINED
HEREIN IS UNCLASSIFIED

DATE 05-29-2007 BY 65179 DMH/TAH/KSR/JB

#1056287-000

To: Operational Technology From: Security
Re: 3i«tr-H3Q--1487677-SBCD, 05/2/2006

The DCS-3000 application suite was developed to
assist Law Enforcement Agencies (LEA) with collecting and
processing data for court-ordered Electronic Surveillance
(ELSUR) operations. The DCS-3000


The DCS-3000 application suite consists of five (5)
component applications residing on one or more workstations.
The components of the DCS suite used to support a particular
requirement depend upon the type of surveillance to be
conducted, the switch providing the data, the
telecommunications service provider, and availability of
equipment at the field office.


The Certification and Accreditation Team Members:
System Owner:

Information System Security Officer:
System Administrator:

Information System Security Manager:
Certification Representative:
Accreditation Representative:

LEAD(s):

Set Lead 1: (Info)


Notify the ISSM if there are any changes to DCS-3000
that could impact its designation of the Tier Level, Levels of
Concern, Mode of Operation, and accreditation boundary.

Set Lead 2: (Info)

SECURITY
Title: IT SYSTEM SECURITY RISK ANALYSES

INFORMATION ASSURANCE SECTION (IAS)
ACCREDITATION UNIT (AU)

ACCREDITATION DECISION: GRANT APPROVAL
TO OPERATE (ATO) WITH CONDITIONS FOR DIGITAL
COLLECTION SYSTEM 3000 (DCS-3000)


Synopsis: Grant an ATO with conditions for DCS-3000 for a
period of 3 years.

Reference: 31 SN- HQ ”-A143.7S77~SSa> Serial 300

Administrative: References:

(1) System Security Plan (SSP), dated 04/28/2006
(2) Security Test Report, dated 05/26/2006
(3) Risk Management Matrix (RMM), dated 06/01/2006
(4) Risk Management Plan (RMP), dated 06/01/2006
(5) Plan of Action and Milestone (POA&M), dated 06/01/2006

Details: The Security Division's Accreditation Unit (AU) conducted
a review of the certification documents, referenced above, for the
DCS-3000 in accordance with the requirements set forth by Bureau,
Departmental, National policy, and the FBI Certification and
Accreditation Handbook. The Designated Accrediting Authority (DAA)
grants an ATO with conditions for a period of 3 years starting on
06/01/2006 and expiring on 06/01/2009.







To: Operational Technology From: Security
Re: 3190-aQ|-Al4876: , 77-SECb, 06/01/2006


The accreditation boundary of the DCS-3000 includes the
DCS-3000 application suite that consists of five (5) component
applications residing on one or more workstations. The components
of the DCS suite used to support a particular requirement depend
upon the type of surveillance to be conducted, the switch providing
the data, the telecommunications service provider, and availability
of equipment at the field office.

The DCS-3000 is operating at the Sensitive But
Unclassified level in the System High mode of operation. The system
has been designated as a Tier 2 system that operates at a Medium level
of concern (LoC) for Confidentiality, Integrity, and Availability.

The following summarizes the risks associated with
Management, Operational, and Technical controls of DCS-3000.
Additional details are contained in Risk Management Plan (RMP),
Reference (4).

Management Controls: No open Management control
vulnerabilities were identified within the previous RMM; however,
during the security review it was discovered that the system had not
undergone a full security assessment in over 4 years. Therefore, it
is recommended the system undergo a full security assessment within
180 days.


Operational Controls: Although the previous RMM identified
no remaining vulnerabilities within this control, it was identified
during the security review that system security documentation
contained discrepancies that needed to be addressed. These
discrepancies have been documented within the DCS-3000 SSP Errata
Sheet.

Technical Controls: Only two vulnerabilities remain within
this area. Vulnerability #5 has been deemed accepted risk.
Vulnerability #7 is being researched by the system owner and has
been addressed within the POA&M, Reference (5).

In conclusion, based on the findings of the security review and the
defined migration plan, in addition to the existing mitigations as
identified in POA&M, the Accreditation Unit recommends an Approval To
Operate for 3 years with the following conditions:

1. A full security assessment be completed within 180
days to ensure appropriate security controls have been implemented
that address changes in the architecture that have occurred.

2. All vulnerabilities be successfully resolved or
mitigated within the 180 day period.

Failure to meet these conditions will result in invalidation
of this ATO and require full re-certification and re-accreditation
of the DCS-3000 system.

Any major change(s) to DCS-3000 shall be brought to the
attention of the Information System Security Manager (ISSM).





LEAD(s):

Set Lead 1: (Action)

OPERATIONAL TECHNOLOGY

Coordinate with ISSM to resolve outstanding POA&M actions
and coordinate full security assessment of the DCS-3000. In
addition, if major changes are made to the system characteristics or
accreditation boundary during the ATO period, please notify the
Information System Security Manager (ISSM).

Set Lead 2: (Info)

SECURITY 

M L i^amiO P 

Coordinate with System Owner to resolve outstanding POA&M
actions and set up full system security assessment. Report status
of POA&M to Accreditation Unit.


CC:
2.2.2  Environmental Protection
2.3  System Layout
2.4  Emanation Protection
2.4.1
2.4.2  TEMPEST
3  System Description
3.1  Summary
3.2  Protection Level/Mode of Operation
3.3
3.3.1  Confidentiality
3.3.2  Integrity
3.3.3  Availability
3.4  Tier Designation
3.5  System Diagram
3.6  Interconnection Interface Description
3.6.1  Direct Network Connection
3.6.1.1  Connectivity Management Procedures
3.6.1.2  Interconnection
3.6.1.3
3.6.1.4  Networking
3.6.2  Indirect Connections
3.6.2.1  Indirect Import
3.6.2.2  Indirect Export
3.7  Data Processed
3.7.1  Classification and Compartments
3.7.2  Dissemination Controls
3.7.3  Type of Data Processed
3.8  Data Flow Diagram
System Hardware
4.1  Hardware List
4.2.1  Labeling of System Hardware
4.2.2  (System Hardware) Exceptions
4.3  Sanitization and Destruction
4.4  Custom-Built Hardware
System Software
5.1  Software List
5.2  Software with Restricted Access or Limited Use Requirements
Foreign Software
5.4  Freeware/Shareware/Open-Source Software
5.5  (System Software) Marking and Labeling
Data Storage Media
6.1  Media Type
6.2  Media Handling
6.2.1  Media Introduction and Removal
DCS-3000 System Security Plan (SSP) v3.0 dated 04/28/2006

/Paragraph   Title   RMM #   Pass/Fail   Comments

7.2.6.3  Guides for General Users
7.2.7  Incident Response
7.2.7.1  ISSO Notification during Suspicious Events
7.2.7.2  Actions Taken By System During Suspicious Events
7.3  Technical
7.3.1  Access Control
7.3.1.1  Discretionary Access Control (DAC)
7.3.1.1.1  Need-To-Know Controls
7.3.1.1.2  Discretionary Access Control Augmentation
7.3.1.2  Mandatory Access Controls (MAC)
7.3.1.2.1  Internal Marking and labeling
7.3.1.3  Technical Access Control Mechanism
7.3.1.4  User Group and Access Rights
7.3.1.4.1  User Groups
Page Section
7.3.1.4.1.1  Privileged User Group Roles
7.3.1.4.1.2  General User Group Roles
System Access Rights
Local System Access Rights
Remote System Access
7.3.1.4.2.3  Non-Data File Access
7.3.1.4.3  Privileged Users Access Rights
7.3.1.5.1  Log-On Error Handling
7.3.1.5.2  Account Lockout Handling
7.3.2
7.3.2.1  System Users
7.3.2.1.1  General Users
7.3.2.1.2  Privileged User
7.3.2.1.3  Device/System User
7.3.2.2  Account Management Procedures
7.3.2.2.1  Account Request Procedures
7.3.2.2.2  Account Maintenance Procedures
7.3.2.2.3  Account Termination Procedures
7.3.2.3  Authenticator Procedures
7.3.2.3.1
7.3.2.3.2  Password Changes
7.3.2.4  PKI Use
Trails)
7.3.3.1  Auditing Procedures
7.3.3.1.1  Audit Review
7.3.3.1.2  Audit Log Storage Requirements
7.3.3.1.3  Discrepancy Handling
7.3.3.1.4  System Shutdown During Audit Failure
7.3.3.2  Notification Banner
7.3.3.3  User Accountability
7.3.3.4  Audit Protection and Log Access
7.3.3.4.1  Audit Protection
7.3.3.4.2  Audit Log Access
7.3.3.5  Audited Information
7.3.3.5.1  Windows Operating System
7.3.3.5.2  Solaris Operating System
7.3.3.5.3  Oracle Database
Microsoft SQL Database
7.3.3.5.5  Microsoft Internet Information Server (IIS)
7.3.3.6  Audited Activities
7.3.3.6.1  (Audited Activities) Windows Operating System
7.3.3.6.2  (Audited Activities) Solaris Operating System
7.3.3.6.3  (Audited Activities) Oracle Database
7.3.3.6.4  (Audited Activities) Microsoft SQL Database
Configuration Management (CMP)

Privileged & General Users Guides

Contingency Plan (CP)

Disaster Recovery Plan (DRP)
DCS-3000 Accreditation Boundary


ALL INFORMATION CONTAINED

HEREIN IS UNCLASSIFIED

DATE 06-01-2007 BY 65179 DHH/KSR/DK






(Rev. 01-31-2003) 


FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 05/28/2003 

To: Investigative Technology Attn: I 


From: Security 

IAS/AU/42&2- 

Contact: I 


]( 202 ) 324 ^ 


Approved By: 


Drafted By: 


Hooton William L 


mgm 


Case ID #: 66F-HQ-A1403623-J Serial #93 
Title: ACCREDITATIONS

NOTIFICATION OF ACCREDITATION DECISION FOR THE DATA 
COLLECTION SYSTEM 3000 (DCS3000) 

Synopsis: To notify the system owner of the Data Collection System 

3000 (DCS3000) accreditation and address an outstanding action 
item. 


Reference: 66F-HQ-C1333650-DCS3000 

Details: The Security Division's Accreditation Unit (AU) has 

completed the requested review of the System Security Plan (SSP) 
and the Risk Report dated December 17, 2002 and received March 25, 
2003. Resulting from this review, the Designated Accrediting
Authority (DAA) has accredited the DCS3000 from May 28, 2003
through May 27, 2006.

The DCS3000 was assessed as a Tier 2 system with
Confidentiality - High, Integrity - High and Availability - Medium.
The system is accredited to operate at the SBU level, Dedicated
Security Mode of Operation.

The DCS3000 accreditation is contingent upon developing 
and implementing audit retention and review procedures within 180 
days. The Information Technology Security Unit (ITSU) will provide 
verification to the AU of audit retention and review procedures 
within this time frame. Maintaining a current accreditation status 
is subject to completing this action as well as to the continued 
adherence to the provisions of the SSP. In particular, all media 
copied or downloaded from the DCS3000 must be scanned for malicious 
code with the latest available virus scan updates before 
introducing information to any application residing on FBINET. 




LEAD(s):

Set Lead 1: (Action)

INVESTIGATIVE TECHNOLOGY
AT WASHINGTON, DC

Develop and implement audit retention and review 
procedures within 180 days. 


CC - 


♦♦ 
U.S. Department of Justice


Federal Bureau of Investigation 


Washington, D. C. 20535-0001 

May 28, 2003 


Mr. D. Jerry Rubino 
Department Security Officer 
U.S. Department of Justice 
RFK Building 
Room 6525 

Washington, D.C., 20530 


Dear Mr. Rubino: 

The purpose of this communication is to notify DOJ of 
the Data Collection System 3000 (DCS3000) accreditation. 

The system is accredited to operate at the SBU level,
Dedicated Security Mode of Operation. It was assessed as a Tier
2 system with Confidentiality - High, Integrity - High and
Availability - Medium.

An exception to DOJ policy is requested, as an 
exception to FBI policy requiring a user account to be unlocked 
by a system administrator after three unsuccessful attempts has 
been granted. The mitigating strategy described in the SSP 
fulfills the intent of FBI and DOJ policies. 

The Security Division's Accreditation Unit conducted 
the DCS3000 accreditation in accordance with the requirements set 
forth in Bureau, Departmental, and National policy. 

Accreditation is granted for a period of three years or until 
major changes affecting the security profile of the system are 
made. The accreditation period is from May 28, 2003 and will 
expire May 27, 2006. 


Sincerely, 


William L. Hooton 
Deputy Executive 
Assistant Director 
Administration 


Enclosure 

Case ID # 66F-HQ-A1403623-J Serial# 91
Federal Bureau of Investigation


Washington, D. C. 20535-0001

May 28, 2003


Federal Bureau of Investigation 
Room 9396 

Washington, D.C. 20535 
Dear | 1 


The purpose of this communication is to accredit the
Data Collection System 3000 (DCS3000). The Security Division's
Accreditation Unit has completed the requested review of the
System Security Plan (SSP), dated December 17, 2002 and received
March 25, 2003.

The system is certified to operate at the SBU level,
Dedicated mode of operation. It was assessed by the certifier as
a Tier 1, Protection Level 1 system with Confidentiality - Medium,
Integrity - Medium and Availability - Medium.

The Security Division's Accreditation Unit conducted
the DCS3000 accreditation in accordance with the requirements set
forth in Bureau, Departmental, and National policy. Accreditation
is granted for a period of three years or until major changes
affecting the security profile of the system are made. The
accreditation period is from May 28, 2003 and will expire May 27,
2006.


ACCREDITATION STATEMENT FOR THE 
DATA COLLECTION SYSTEM 3000 (DCS3000) 

Sincerely, 


William L. Hooton 
Executive Assistant Director 


Case ID # 66F-HQ-A1403623-J Serial# 94
U.S. Department of Justice


Federal Bureau of Investigation 


Washington, D. C. 20535-0001 

June 1, 2006 


Mr. Vance E. Hitch 
Chief Information Officer 
U.S. Department of Justice 
Room 1310 

950 Pennsylvania Avenue, NW 
Washington, DC 20530 

Dear Mr. Hitch: 

The purpose of this communication is to notify the 
Department of Justice (DOJ) of the Approval to Operate (ATO) for 
the Digital Collection System - 3000 (DCS-3000). This ATO has
been issued by the FBI's Designated Accrediting Authority (DAA) 
for a period of three years from 06/01/2006 to 06/01/2009. 

The DAA Representative, in conjunction with the System 
Certification Team, have determined the Levels of Concern (LoC) 
assigned for DCS-3000 are Medium for Confidentiality, Medium for 
Integrity and Medium for Availability. DCS-3000 has been 
assessed as a Tier Level 2 system in accordance with the FBI 
Certification and Accreditation Handbook. 


Sincerely yours,


on behalf of

Zalmai Azmi

Chief Information Officer 
Designated Accrediting Authority 
Data Collection System 3000
(DCS-3000) 

Plan Of Actions & Milestones (POA&M) 

June 1, 2006 
Version 1.0 


Prepared by: 


Quantico ISSM 


Federal Bureau of Investigation 
935 Pennsylvania Avenue, NW 
Washington DC 20530 
1. INTRODUCTION


1.1. System Description 



• Facilitates the review and examination of the information 

• Dramatically increases the efficiency of trial preparations 
ERF. Field office personnel monitor operations within the CMP, and operations are
physically separated according to type and function (i.e., Title III versus Foreign
Intelligence Surveillance Act [FISA] and computer operations versus case monitoring).

FBI professionals, who have been well screened, cleared, and trained for the operations 
they perform, operate and use the system in a physically secure, climate-controlled 
environment. The system is easy to use, and personnel duties are clearly defined and 
appear to be commonly understood so stress levels for system users, regardless of their 
positions, are fairly low, especially in light of the types of work they do. 

1.2. Risk Assessment Approach 

The risk assessment for this system was conducted through: 

• A security assessment of the DCS-3000 system was conducted during the period May 
2, 2006 to verify closure of open vulnerabilities. 

• Personal interviews with DCS-3000 program management and technical personnel. 

2. RISK ASSESSMENT RESULTS

This section provides detailed DCS-3000 risk assessment results that were derived from 
the initial pre-certification testing. Vulnerabilities and threats have been paired by 
severity of risk after all applicable existing safeguards relative to them have been taken 
into account. It is important to note that multiple vulnerability/threat pairs may be 
discussed by vulnerability if similar safeguards can mitigate the pairs. Test results were 
generally favorable and justified no further testing of this system for the purposes of this 
C&A effort.

For each vulnerability/threat pair, the following information is included in narrative form: 

• The vulnerability/threat pair number (e.g., 1, 2, etc.) 

• Vulnerability/threat pair description (in italics) 

• Description of the probable impact on the pair and analysis of the impact (also in
italics)

• Planned or recommended controls or alternative options for reducing risks

2.1. Risk Assessment


2.1.1. High Risk Vulnerability/Threat Pairs 


The following are the remaining high-risk vulnerability/threat pairs that are drawn from 
the initial RMM table. There are seven operational aspects of this collection system that 
appear to be at high risk. Overarching mitigating factors for these risks include the DCS- 



operations and must undergo a thorough and comprehensive screening process in order to 
be granted an FBI Top Secret clearance before being authorized to perform their tasks. 


The following are the validated closed and remaining associated high-risk vulnerability 
pairs below: 
This assessment was conducted to verify remaining vulnerabilities; however, due to age
of the original test report and proposed changes to the current architecture a full system 
security assessment is required. These requirements are being added to the DCS-3000 
Plan of Action and Milestones (POA&M) as risk management items that require the 
appropriate attention for resolution. 
Concerns

(U) There are several areas of the total DCS-3000 program that require additional
correction/improvement. Because the final engineering of the system is not
completed, and the former certification testing was accomplished approximately four
years ago, a full system test is w

stasis. In addition, the DCS-3000 SSP | |


(U) The documentation will be completed as soon as possible, and the certification 
testing must be accomplished within 180 days of this POA&M approval. 

(U) The existing open RMM identified items also require resolution. 


Conclusion 

(U) The DCS-3000 has very few existing vulnerabilities, and is an SBU system.


(U) I believe this system is operated and maintained at an acceptable level of risk. I, 
therefore, recommend that the DCS-3000 be given a three year ATO with the caveats 
listed in paragraph 2 & 3 of the “Concerns” above. 


(U) I also recommend that the failure to meet these conditions should invalidate the ATO 
and require full recertification and re-accreditation of the DCS-3000 system. 
(Rev. 01-31-2003)


FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 05/28/2003 

To: Director's Office Attn: William L. Hooton 

From: Security 

IAS/AU/42&2. 

Contact : I 


Approved By: 


Drafted By: 


Case ID #: 66F-HQ-A1403623-J Serial #92 

Title: ACCREDITATIONS - REQUEST FOR ACCREDITATION DECISION FOR 

THE DATA COLLECTION SYSTEM 3000 (DCS3000) 

Synopsis: To request an accreditation decision by the DAA for 

the Data Collection System 3000 (DCS3000).

Reference: 66F-HQ-C1333650-DCS3000 

Details: The Data Collection System 3000 (DCS3000) was assessed as 

a Tier 2 system with Confidentiality - High, Integrity - High and 
Availability - Medium. The system is certified to operate at the 
SBU level, Dedicated Security Mode of Operation. 

The DCS3000 is an electronic surveillance (ELSUR)
collection system that supports criminal law enforcement (CLE)
Title III criminal investigations. The DCS3000 application suite
resides on a | |


| | The completion of actions
detailed in an EC from Security, Case ID #66F-HQ-A1403623-J, to
Investigative Technology dated 05/28/2003 will minimize the risk to
FBINET.
The Security Division's Accreditation Unit conducted the
DCS3000 accreditation review in accordance with the requirements 
set forth in Bureau, Departmental and National policy. Favorable 
approval by the DAA will accredit the DCS3000 for a period of three 
years or until major changes affecting the security profile of the 
system are made. The accreditation period is from May 28, 2003 and 
will expire May 27, 2006. 
To: Director's Office From: Security

Re: 66F-HQ-A1403623-J, 05/28/2003


LEAD (s) : 

Set Lead 1: (Action) 

DIRECTOR'S OFFICE 

AT EADADMIN. DC 

Request an accreditation decision for the Data 
Collection System 3000 (DCS3000).

♦♦ 
1. INTRODUCTION


1.1. System Description

DCS3000 is a computer-based intelligence collection system used by FBI personnel to


• Facilitates the review and examination of the information


b2 

b7E 


• Dramatically increases the efficiency of trial preparations 


• Exponentially increases the utility and value of computer-based intercepts 

The DCS3000 system is deployed in central monitoring plants (CMP)

| | is controlled by use of security guards, visitor badges, and
visitor logs. Visitors are escorted at all times while in a field office building and at the 
ERF. Field office personnel monitor operations within the CMP, and operations are 
physically separated according to type and function (i.e., Title III versus Foreign 
Intelligence Surveillance Act [FISA] and computer operations versus case monitoring). 
FBI professionals, who have been well screened, cleared, and trained for the operations
they perform, operate and use the system in a physically secure, climate-controlled 
environment. The system is easy to use, and personnel duties are clearly defined and 
appear to be commonly understood so stress levels for system users, regardless of their 
positions, are fairly low, especially in light of the types of work they do. 


1.2. Risk Assessment Approach 

The risk assessment for this system was conducted through: 

• An initial pre-certification test (i.e., vulnerability assessment) of the DCS3000 system 
during the period August 22-23, 2002. 

• Personal interviews with cognizant DCS3000 program management and technical 
personnel. 

• Analysis of FBI field-office personnel surveys 
Planned or Recommended Remedial Action:



Planned or Recommended Remedial Action:



Planned or Recommended Remedial Action:
Overall, recommend Senior FBI management personnel should take a very active role in
support of a comprehensive FBI INFOSEC program. As part of this program, a
comprehensive FBI information security (INFOSEC) training program should be
developed and implemented throughout the FBI. Also, unit-level, job-specific INFOSEC
training should be strongly encouraged or mandated.
1. Purpose of the Risk Management Plan

The Risk Management Plan (RMP) provides the Designated Accrediting Authority 
(DAA) and other FBI executives the general essential elements of information relative to 
the Data Collections System (DCS-3000) to include the strategy to address the identified 
vulnerabilities. 

2. Mission/Description of the DCS-3000

The DCS-3000 system is deployed in central monitoring plants (CMP)

| | is controlled by use of security guards, visitor badges, and
visitor logs. Visitors are escorted at all times while in a field office building and at the
ERF. Field office personnel monitor operations within the CMP, and operations are
physically separated according to type and function (i.e., Title III versus Foreign
Intelligence Surveillance Act [FISA] and computer operations versus case monitoring).

FBI professionals, who have been well screened, cleared, and trained for the operations 
they perform, operate and use the system in a physically secure, climate-controlled 
environment. The system is easy to use, and personnel duties are clearly defined and 
appear to be commonly understood so stress levels for system users, regardless of their 
positions, are fairly low, especially in light of the types of work they do. 

3. Security Characteristics and Accreditation Boundary 

The DCS-3000 is operating at the Sensitive but Unclassified (SBU) level in the System
High mode of operation. The system has been designated as Tier | | system that operates
at a | | Level of Concern (LOC) for | | Integrity, and Availability.

The accreditation boundary of the DCS-3000 includes the DCS-3000 application suite,
which consists of five (5) component applications residing on one or more workstations.

The components of the DCS suite used to support a particular requirement depend upon 
the type of surveillance to be conducted, the switch providing the data, the 
telecommunications service provider, and availability of equipment at the field office. 

4. Decision Issues for the DCS-3000 

The following table summarizes the vulnerabilities and accepted risks for DCS-3000: 
1.0 INTRODUCTION

Prior to receiving access to DCS3000, all users shall be required to review the DCS3000 Rules of 
Behavior. These Rules of Behavior apply to all users of DCS3000. By signing this document, the 
user acknowledges that he or she understands and accepts these responsibilities and will make every 
effort to comply with them. Copies of these rules of behavior must be provided to all new users of 
DCS3000 before they are granted system access. 

Security is important for everyone. All users of DCS3000 resources should be aware that the 
system as a whole contains valuable and sometimes sensitive government information, which must 
be protected to prevent disclosure, unauthorized changes, and loss. Each part of the system can 
introduce vulnerabilities to the whole, so protection must be consistent in order to be effective. 

1.1 Purpose 

The purpose of the DCS3000 Rules of Behavior is to implement baseline security requirements for 
all program managers (PM), system administrators (SA), information systems security officers 
(ISSO), and users of the system. This document states individual’s security responsibilities as users 
of the system. 

1.2 Compliance 

The DCS3000 Rules of Behavior are based on the principles described in the Computer Security 
Act of 1987 to protect sensitive information. More specific user responsibilities are set forth in the 
FBI Manual of Investigative Operations and Guidelines (MIOG) and in other regulatory documents 
such as the Code of Ethics for Government Employees, Office of Personnel Management (OPM) 
regulations, Office of Management and Budget (OMB) regulations, and the Standard of Conduct for
Federal Employees. The DCS3000 Rules of Behavior carry the same responsibility for compliance 
as these official documents. Users who do not comply with these rules are subject to penalties that 
can be imposed under existing policy and regulations, including official, written reprimands, 
suspension of system privileges, temporary suspension from duty, removal from current position, 
termination of employment, and even criminal prosecution. The FBI will enforce the use of 
penalties against any user who willfully violates any DCS3000 or federal system security (and 
related) policy. 

1.1.2 User Information and Contacts 

Your supervisor or system administrator should furnish you with the following information when you 
are granted authorized user privileges on DCS3000. After that, it is your responsibility to stay up-to- 
date on the key personnel and phone numbers. You should know:

Your access privileges; your access privileges may be limited to a specific list of file areas,
programs, and activities.

You should know who the following individuals are and how to contact them: 


Contact | Description of Duties | Telephone
Project Manager | Project manager for DCS3000 activities. |
Information Systems Security Officer (ISSO) | Ensures that the information system is implemented with appropriate security features and meets the minimum security requirements. |
DCS3000 Senior System Technical Representative | Serves as senior technical advisor for all DCS3000 issues |
Switch-Based Intercept Program Manager | Serves as POC for all DCS3000 switch-based intercept issues |
User Representative | Serves as spokesman for all DCS3000 user issues. |
Supervisor (in the specific location) | Requests access for, or termination of service, to the Information system. Requests the establishment and deletion of directories. |

Table 1: Contacts

1.1.3 The DCS3000 Environment

General Information 

All DCS3000 users must read and abide by these rules of behavior. 

All FBI ADPT systems are for official business only. System users have no expectation of privacy 
while utilizing these resources. 

Sensitive and Classified Data Considerations 

Classified national security information (i.e., Confidential, Secret or Top Secret information) will
not be processed on any DCS3000. 


All DCS3000 output that contains LOUO information will be so marked or labeled by the user who 
generated the material, and then stored or transmitted with appropriate protection. The designation 
“Limited Official Use Only” will be marked, stamped or permanently affixed to the top and bottom of
the outside of the front and back covers (if any), on the title page and on all pages of documents or 
information requiring such control. All diskettes or other magnetic media containing sensitive 
information will be similarly labeled and stored in locked containers (e.g., desks, filing cabinets, 
etc.). 

LOUO documents that are no longer needed should be shredded. 

Magnetic media (e.g., diskettes and hard drives) that have been used for LOUO information may 
contain sensitive information even after the LOUO files are deleted. The information may be 
recoverable, even if a normal directory listing of the medium says it is empty. Before discarding 
magnetic media, users should do one of the following: 


If you need assistance in disposing of magnetic media, consult your system administrator or ISSO. 

2.6 Official Use

2.7 Incident Reporting

3.0 ADMINISTRATORS

3.1 System Administrators

3.1.1 Responsibilities







• Becoming thoroughly familiar with and complying in all respects with the requirements of 
DCS3000 Security Policy and these Rules of Behavior. 


LIMITED OFFICIAL USE ONLY


4.0 INFORMATION SYSTEMS SECURITY MONITORING 

This FBI system is for the sole use of authorized users for official business only. You have no 
expectation of privacy in its use. DCS3000 may be monitored routinely for indication of any 
unauthorized or malicious activity. 

5.0 MONITORING NOTICES 

5.1 Computer Log-on Banner

SYSTEM ADMINISTRATORS

Objective

6.2 Restrictions on System Administrators in the Normal Performance of Their Duties

.3 Management Searches

Assistance to Law Enforcement and Counterintelligence

DCS3000/Privileged User Rules of Behavior Acknowledgement Form

Privileged User Signature:                Date:

Supervisor Signature:                Date:

Field Office integrated Security System
Appendix C - Rules of Behavior

1. INTRODUCTION

The Data Collection System (DCS) 3000 application suite was developed to assist Law 
Enforcement Agencies (LEA) with collecting and processing data for Court-ordered electronic 
surveillance (ELSUR) operations. This system was developed as an interim solution to Law
Enforcement Agency collection needs until commercial collection platforms become available.

1.1. Purpose 

The goal of this effort is to provide the Designated Accrediting Authority (DAA) with the 
information necessary to complete the security certification and accreditation (C&A) process. 

The C&A process validates that the required safeguards have been identified and implemented 
on the system. The culmination of this effort will be system accreditation (i.e., formal approval
to operate) by the DAA.

1.2. Background 

This security concept of operations (CONOPS) describes the planned operating conditions of the 
DCS3000 and the expected residual risk of operating the system. The system descriptions and 
security requirements provided herein are intended to assist the Designated Accrediting 
Authority (DAA) in determining the appropriate set of technical and non-technical safeguards for 
protecting the information in the DCS3000 system. 

1.3. Project/Program Overview 

2. REFERENCES

This document has been prepared in accordance with guidance provided by:

The DCS3000 has been in operation since 1997 and is operational in [redacted] FBI field offices
across the United States. 

1.4. Assumptions 

The security requirements described in this CONOPS are based on the following assumptions: 

3. CURRENT OPERATING ENVIRONMENT

3.1. Current System

• Pen Register

• Title III

• Cooperative Warrant


3.2. Major System Components 


The DCS3000 suite consists of five component applications residing on one or more
workstations.


DCS3000 consists of the following applications: 

• Client 

• Server 

• MultiServer 

• VANGuard 

• MultiVANGuard 


The Client

The VANGuard



3.3. User Organizations and Personnel 

4. SYSTEM OPERATIONAL OVERVIEW

4.1. Networking Infrastructure

Table 4-1 represents sample data channel and content channel delivery mechanisms for
telecommunications service providers.

Table 4-1. Sample Interconnection Configurations
Service Provider | Call Data Channel | Call Content Channel


4.2. Information Transfer and Collaboration 




4.3. Hardware 

The following subsections list and describe the major hardware required to operate the DCS3000
system.

4.3.1. Workstations 






4.3.2. Data Communications Equipment 

4.4. Software

The following subsections list and describe the major software required to operate the DCS3000 
system. 

4.4.1. Operating System 

4.4.2. DCS Applications
Please refer to section 3.1 above. 

4.4.3. Security Software 



4.5. Maintenance 


5. SECURITY 

5.1. System/Facility Access



5.3. Data Storage Media

INTRODUCTION


1. Background


The DCS3000 is an electronic surveillance (ELSUR) collection system that supports
criminal law enforcement (CLE) Title III criminal investigations [redacted]


The system is used in several environments. FBI collection efforts and FBI/other federal, 
state or local agency joint collection efforts are controlled by FBI personnel. Although the FBI 
loans equipment and software to other law enforcement agencies for court ordered collections, 
the local agency is responsible for establishing and maintaining these collection efforts with the 
TSP. These standalone installations in local PDs, where the FBI provides no additional support 
or connectivity, are not a part of the DCS3000 accreditation. Therefore, this evaluation considers
only equipment under FBI control [redacted]

DCS3000 data is collected in support of criminal cases and is protected as evidence [redacted]

DCS 3000 System Security Plan

INTRODUCTION 

The DCS 3000 is an Electronic Surveillance (ELSUR) collection system that supports 
Criminal Law Enforcement (CLE) as well as Foreign Intelligence Surveillance Act (FISA) Pen 
Register investigations. The Operational Technology Division (OTD), Electronic Surveillance 
Technology Section (ESTS), Telecommunications Intercept and Collection Technology Unit 
(TICTU) developed and deployed the DCS 3000 system in Central Monitoring Plants (CMPs) in 
various FBI offices. This SSP documents the security policies and procedures for the DCS 
3000 system. In addition, this plan delineates responsibilities and expected behavior of all 
individuals who access the system. This plan establishes the approved operational baseline 
and configuration and is the basis for the type certification and accreditation of the DCS 3000,
regardless of the physical location of systems within the FBI.

FOR OFFICIAL USE ONLY


1. INFORMATION SYSTEM GENERAL INFORMATION 

1.1 Security Administration 

1.1.1 System Information 


Information System Name: DCS 3000

Information System Number (if applicable): 66F-HQ-C1 333650-DCS3000

Date of Plan:

Revision/Version:

TSABI Number (if applicable): Not Applicable (N/A)

Web Location for documentation (if applicable):

Status (New System or Modification to an Existing System)?:

Project ID (If applicable): N/A

Deployment Installation Date:

Security Test & Evaluation Date:

Required Operational Date:




1.1.2 Key System Points of Contact 


System Owner 


Phone: Commercial 
Phone: Secure 


Email Address 


Phone: Commercial 
Phone: Secure 





ISSO Alternate 


Email Address 


Phone: Commercial 


Phone: Secure 


Email Address 


Phone: Commercial 


Phone: Secure 


Email Address 


Phone: Commercial 


Phone: Secure 


Email Address 


ERF 

Building #27958-A 
Quantico, VA 22135 


Phone: Commercial 


Phone: Secure 







1.2.2 Supported Projects 



1.2.3 Information System Usage 

E-Mail

Spreadsheets

Image Processing

Web/Web Design

Mapping

Word Processing


1.3 Inter-Departmental/Agency Use and Agreements

1.3.1 Joint Use Information 


The DCS 3000 is not subject to Joint-Use Agreements. 

1.3.2 Memorandum of Agreement (MOA)/Understanding (MOU) 
The DCS 3000 is not subject to any MOAs or MOUs. 

1.3.3 Interconnection Security Agreement (ISA) 

The DCS 3000 system is not subject to any ISAs. 

3. SYSTEM DESCRIPTION
3.1 Summary 

Summary: 

The DCS 3000 system was developed to assist the FBI with collecting and processing data 
for court-ordered ELSUR operations for criminal and FISA investigations. To conduct court- 
ordered ELSUR operations, the system connects to switches that are used by TSPs to route 
telephone calls to their destinations. The DCS 3000 can collect ELSUR data under the Pen
Register warrant, which is concerned with call data.

System Architecture/Key Components:

The DCS 3000 application suite consists of six component applications residing on one or
more workstations. Not every component application is used during a surveillance operation;
individual installations of the DCS 3000 vary according to need. The components of the DCS
suite used to support a particular requirement depend upon the type of surveillance to be
conducted, the switch providing the data, the TSP, and availability of equipment at the office.
The DCS 3000 consists of the following applications: 




DCS 3000 User Guide. In addition, the following documents
effort for the DCS 3000: 


DCS 3000 System Security Plan (this document) 


• DCS 3000 Risk Assessment and Management Plan. 


Mode of Operation, Levels of Concern (LoC), and Tier Designation:













3.5 System Diagram 



3.6 Interconnection Interface Description 

3.6.1 Direct Network Connections 



3.6.1.1 Connectivity Management Procedures


Overall: 













3.7 Data Processed 

3.7.1 Classification and Compartments 

3.7.2 Dissemination Controls


3.7.3 Type of Data Processed

The DCS 3000 system processes Criminal Investigative Information (CII) where the case
agents are considered the Data Owners and Data Managers.

3.8 Data Flow Diagram 


4. SYSTEM HARDWARE

4.1 Hardware List

A list of hardware used in the DCS 3000 system is provided in Table 1. See Attachment C
for a site-specific hardware list. 


Nomenclature | Model | Manufacturer | Memory Component | Serial Number | Location

Table 1: Equipment List


4.2 Hardware Labeling 

4.2.1 Labeling of System Hardware 


4.2.2 Exceptions 

4.3 Sanitization and Destruction

5.0 SYSTEM SOFTWARE

5.1 Software List


The software used by the DCS 3000 system is listed in Table 2. 


Name | Version | Manufacturer | Intended Use or Function

Table 2: DCS 3000 Software

5.2 Software with Restricted Access or Limited Use Requirements

DCS Application Component | Version

Table 3: DCS 3000 Application Version Numbers

5.3 Foreign Software

DATA STORAGE MEDIA

6.1 Media Type




6.2 Media Handling 

6.2.2 Sanitization and Destruction

6.3 Storage Media Marking and Labeling

7. SECURITY CONTROL REQUIREMENTS

7.1 Management

7.1.1 Risk Assessment















7.2.2 Contingency Planning

7.2.2.1 System Backup

7.2.2.3 Backup Power Supply Requirements

7.2.2.4 Recovery Procedures

7.2.2.4.1 Continuity of Operations Plan

7.2.4.4 Hardware & Software Maintenance

7.2.4.4.1 System Start-Up/Shut-Down

7.2.5.2.3 Printout/Hardcopy

All written documents generated in support of a case are labeled, stored, transported, and 
transferred according to very clearly prescribed and strictly enforced FBI procedures. 

7.2.5.2.4 Non-Repudiation

Not applicable for the DCS 3000 system.

7.2.5.2.5 Transaction Rollback

Not applicable for the DCS 3000 system.

7.2.6 User’s Guides

7.2.6.1 Configuration Guides

7.2.6.2 Guides for Privileged Users

Not applicable to the DCS 3000 system.

7.2.6.3 Guides for General Users

7.3 Technical

7.3.1 Access Control 

7.3.1.1 Discretionary Access Control (DAC)

Not applicable because the DCS 3000 functions in the dedicated mode of operation.

7.3.1.1.1 Need-To-Know Controls

Not applicable to the DCS 3000 system.

7.3.1.2.1 Internal Marking

7.3.1.3 Technical Access Control Mechanism

7.3.1.4 User Group and Access Rights

7.3.1.4.1 User Groups

7.3.1.4.1.1 Privileged User Group Roles

This section is not applicable to the DCS 3000 system.

7.3.1.4.1.2 General User Group Roles

This section is not applicable to the DCS 3000 system.

7.3.1.4.2 System Access Rights

7.3.1.4.2.1 Local System Access Rights

7.3.2.3.2 Password Changes



7.3.3 Accountability (Including Audit Trails)

7.3.3.1 Auditing Procedures

7.3.4 System & Communications Protection

7.3.4.1 System Protections

7.3.4.1.1 Malicious Code/Virus Protection

7.3.4.1.3 Priority Process Protection

Not applicable to the DCS 3000 system.

7.3.4.2 Communications Protection

7.3.4.2.1 Network Allowed Services and Protocols

7.3.4.2.1.1 Internal to the LAN:

7.3.4.3 Unique Security Features

Not applicable to the DCS 3000.

7.3.4.3.1 Mobile/Executable Code

Not applicable to the DCS 3000 system.

7.3.4.3.2 Collaborative Processing

Not applicable to the DCS 3000 system.

7.3.4.3.3 Distributed Processing

Not applicable to the DCS 3000 system.

7.3.4.3.4 Wireless Devices

Not applicable to the DCS 3000 system.

9. EXCEPTIONS

Not applicable to the DCS 3000 system.

10. GLOSSARY OF TERMS


Acronym   Meaning

AES       Advanced Encryption Standard
AIS       Automated Information System (synonymous with IS and IT)
C&A       Certification and Accreditation
CC        Command Criteria
CCTV      Closed Circuit Television
CDC       Call Data Channel
CD        Compact Disc
CI        Controlled Interface
CI100     Controlled Interface 100
CIO       Chief Information Officer
CLE       Criminal Law Enforcement
CM        Configuration Management
CMCB      Configuration Management Control Board
CMP       Central Monitoring Plant
CONOPS    Concept of Operations
COTS      Commercial-off-the-shelf
DAA       Designated Accrediting Authority
DAC       Discretionary access control
DCID      Direct Central Intelligence, Directive
DCSNET    DCS Network
DOJ       Department of Justice
DOS       Denial of Service
DRP       Disaster Recovery Plan
ELSUR     Electronic Surveillance
ERF       Engineering Research Facility
ESTS      Electronic Surveillance Technology Section
FBI       Federal Bureau of Investigation
FISA      Foreign Intelligence Surveillance Act
GRS       General Records Service
IAS       Information Assurance Section
ID        Identification
IOS       Internetwork Operating System
IP        Internet Protocol
IS        Information System (synonymous with IT and AIS)
ISA       Interconnection Security Agreement
ISSM      Information Systems Security Manager
ISSO      Information Systems Security Officer
IT        Information Technology (synonymous with AIS and IS)
Kbps      Kilobits per second
KSA       Knowledge, Skills and Abilities
KVM       Keyboard Video Mouse
LAN       Local Area Network
LEA       Law Enforcement Agency
LoC       Level of Concern
MAC       Mandatory Access Control
MAOP      Manual of Administrative Operations and Procedures
Mbps      Megabits per second
MD5       Message Digest Algorithm 5
MIOG      Manual of Investigative Operations and Guidelines
MOA       Memoranda of Agreement
MOU       Memorandum of Understanding
N/A       Not Applicable
NARA      National Archives and Records Administration
O&M       Operations and Maintenance
OTD       Operational Technology Division
PKI       Public Key Infrastructure
PL        Protection Level
PM        Project Manager
PSI       Personnel Security Interview
RA        Risk Assessment
RM        Risk Management
SAC       Special Agent in Charge
SAIC      Senior Special Agent in Charge
SBIT      Switch Based Intercept Team
SCI       Sensitive Compartmented Information
SCIF      Sensitive Compartmented Information Facility
SLA       Service Level Agreement
SSP       System Security Plan
SSS       Security Support Structure
TCP       Transmission Control Protocol
TICTU     Telecommunications Intercept and Collection Technology Unit
TSP       Telecommunications Service Provider
TTA       Technically Trained Agent
UPS       Uninterruptible Power Supply
VPN       Virtual Private Network
WAN       Wide Area Network

Attachments


Attachment A - Organizational Structure


See section 1.1.3 for further explanation of the DCS 3000 program organization
chart. 



Figure 2: Organization Structure for DCS 3000 Program Management 

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE                Date: 05/2/2006

To: Operational Technology         Attn:
    Security                       Attn:

From: Security
      Information Assurance/Accreditation/SPY-R F-501
      Contact: [redacted] 202-[redacted]

Approved By: [redacted]

Drafted By: [redacted] mlm

Case ID #: 319U-HQ-1487677-SECD-275

Title: IT SYSTEMS SECURITY RISK ANALYSES 

INFORMATION ASSURANCE SECTION (IAS) 

ACCREDITATION UNIT (AU) 

DIGITAL COLLECTION SYSTEM 3000 (DCS-3000) 

ACCREDITATION DECISION: 

SECURITY CHARACTERISTIC AND TIER LEVEL 
DESIGNATION FOR DCS-3000 

Synopsis: Designate the DCS-3000 Tier Level, Mode of Operation,
determine the Confidentiality, Integrity, Availability Levels,
Boundary description, and name the key Certification and
Accreditation Team Members.

Administrative: DCS-3000 Accreditation Boundary Diagram, dated
05/1/2006.

Details: As a result of correspondence and meetings with the
Accreditation Representative, Information System Security
Manager, Information System Security Officer, Certification
Representative, the DCS-3000 Program Manager and System
Administrator, the following security characteristics and Tier
Level have been determined and agreed upon.

The Levels of Concern (LoC) are Medium for 
Confidentiality, Medium for Integrity, and Medium for 
Availability. DCS-3000 is a Sensitive but Unclassified (SBU) 
system operating in the System High Mode of Operation. The
DCS-3000 has been assessed as a Tier Level 2 in accordance with the
FBI Certification and Accreditation Handbook.

To: Operational Technology From: Security

Re: 319U-HQ-1487677-SECD, 05/2/2006

The DCS-3000 application suite was developed to assist
Law Enforcement Agencies (LEA) with collecting and processing
data for court-ordered Electronic Surveillance (ELSUR)
operations. The DCS-3000 collects [redacted]


The DCS-3000 application suite consists of five (5) 
component applications residing on one or more workstations. The 
components of the DCS suite used to support a particular 
requirement depend upon the type of surveillance to be conducted, 
the switch providing the data, the telecommunications service 
provider, and availability of equipment at the field office. 

The Certification and Accreditation Team Members are: 


System Owner:
Information System Security Officer:
System Administrator:
Information System Security Manager:
Certification Representative:
Accreditation Representative:

LEAD(s):

Set Lead 1: (Info)

OPERATIONAL TECHNOLOGY

AT QUANTICO, VA

Notify the ISSM if there are any changes to DCS-3000
that could impact its designation of the Tier Level, Levels of
Concern, Mode of Operation, and accreditation boundary.

Set Lead 2: (Info)

SECURITY

AT WASHINGTON, DC

For information only.

Major Security Findings | Test Case

Scan Report

ISS System Scanner (U)

No. | Major Security Findings | Test Case

summarizes additional technical findings:

Operating System Manual Testing (U)

1.2.2 Procedural/Policy Findings

3.0 TECHNICAL TESTS AND TEST RESULTS

Requirement | Pass/Fail | Comment

(U) MIOG 35-9.3.1(5)(b): The following banner shall be displayed on all
FBI ADPT systems at a point prior to the user signing onto the system:
"This FBI system is for the sole use of authorized users for official business 
only. You have no expectation of privacy in its use. To protect the system 
from unauthorized use and to insure that the system is functioning properly, 
individuals using this computer system are subject to having all of their 
activities on this system monitored and recorded by system personnel. 
Anyone using this system expressly consents to such monitoring and is 
advised that if such monitoring reveals evidence of possible abuse or 
criminal activity, system personnel may provide the results of such 
monitoring to the appropriate officials.” 

Requirement


(U) MIOG 35-9.4.13(1): ADPT equipment and storage media that has
processed FBI information may only be reused (e.g., transferred to another
unit) within FBI control systems (i.e., formal access programs, SCIF, and 
TEMPEST) after they have been cleared by FBI employees. The 
microcomputer or ADPT storage media remains labeled and secured to the 
highest level of information ever entered into, stored on, or processed by the 
device. 

Pass 


(U) DOJ 2640.2D 26.b. IT systems shall contain an external classification 
marking authorizing the level of information that can be processed. 

Pass 

Requirement


(U) MIOG 35-9.4.10(1)(b): Removable media must be labeled with
external markings. An exception to this policy is granted for computer
center operations supporting a computerized tape management system that
provides internal classification and data descriptor designations, as long as
the media remains in FBI controlled space. However, all magnetic media
leaving FBI controlled spaces must be labeled with the external
classification and data descriptor labels.

(U) MIOG 35-9.4.14(1)(c): When inoperable, diskettes, tape cartridges,
printouts, ribbons, and similar items used to process sensitive or classified
information must be destroyed in accordance with MIOG Part II Section 26.

(U) MIOG 35-9.4.14(1)(d): When inoperable, hard disks used to process
sensitive or classified information must be sent to FBIHQ for proper
disposal following procedures provided in MIOG Part II Section 26.


August 27, 2002 

Pass/Fail


(U) MIOG 35-9.4.4(4): Whenever a virus infection is detected,
it should be reported to the ADPT Security Officer.

Fail

Presently, there are no virus checking programs
in place

(U) MIOG 35-9.4.5(4): Vendor diagnostic software must be
scanned, write-protected, and retained by the Computer
Specialist. Only this copy of the software may be used on FBI
ADPT systems.

Fail 

Presently, there are no virus checking programs 
in place 

(U) DOJ 2640.2D 10. Components shall establish procedures 
to ensure that computer software installed on component IT 
systems is in compliance with applicable copyright laws and is 
incorporated into the system's life cycle management process. 

Fail 

Presently, there are no virus checking programs
in place 

(U) DCID 6/3 MalCode: Procedures to prevent the 
introduction of malicious code into the system, including the 
timely updating of those mechanisms intended to prevent the 
introduction of malicious code (e.g., updating anti-viral 
software). 

Fail 

Presently, there are no virus checking programs 
in place 

Requirement

Pass/Fail 

Comment 

(U) MIOG 35-8.1.2(3): System security plan documentation is 
required for every classified and sensitive FBI ADPT system. The 
components of a system security plan are: 

a) system security plan following OMB 90-08 or its successor 

b) documented risk management actions pertaining to the ADPT 

c) certification statement that reflects the results of certification tests 
of the security features applicable to the system

d) contingency plan which consists of an emergency response plan, 
backup operations plan, and post-disaster recovery plan 

e) standard security procedures for users and operators of the system. 

Pass 


DCID 6/3 Doc1: Documentation shall include:

A System Security Plan.

A Security Concept of Operations (CONOPS) (the Security
CONOPS may be included in the System Security Plan). The
CONOPS shall at a minimum include a description of the purpose of
the system, a description of the system architecture, the system’s
accreditation schedule, the system’s Protection Level, integrity Level-
of-Concern, availability Level-of-Concern, and a description of the
factors that determine the system’s Protection Level, integrity Level-
of-Concern, and availability Level-of-Concern.

Pass


DCID 6/3 Doc2: Documentation shall include guide(s) or manual(s) for the
system’s privileged users. The manual(s) shall at a minimum provide
information on (1) configuring, installing, and operating the system; (2)
making optimum use of the system’s security features; and (3) identifying
known security vulnerabilities regarding the configuration and use of

vulnerabilities are identified. 

Pass 



System Security Plan (SSP)

DCS 3000

Pre-Certification Test Results and Findings


Requirement

Comment

DCID 6/3 Doc3: The DAA may direct that documentation also shall include:

Certification test plans and procedures detailing the implementation of 
the features and assurances for the required Protection Level. 

Reports of test results. 

A general user’s guide that describes the protection mechanisms 
provided and that supplies guidelines on how the mechanisms are to 
be used and how they interact.

Pass 


DCID 6/3 Verif2: Verification by the DAA Rep that the necessary
security procedures and mechanisms are in place; testing of them by 
the DAA Rep to ensure that they work appropriately. 

N/A 
Comment 

(U) DOJ 2640.2D 9.1. [Components shall:] Develop a contingency 
plan for each general support system and major application. 
Contingency plans shall: 

(1) Identify the priorities of the system for restoration, taking into 
consideration the system's role in fulfilling Department mission 
and interdependency requirements. 

(2) Determine the maximum amount of elapsed time permissible 
between an adverse event and putting the system's contingency 
plan into operation. 

(3) Determine the maximum amount of data and system settings that 
can be lost between the service interruption event and the last 
back-up (this measure shall determine system back-up policies). 

(4) Identify interdependencies with other systems (i.e., other 
component, Federal, State or local agencies) that could affect 
contingency operations. 

(5) Identify system owners, roles, and responsibilities. 

Pass 


(U) DOJ 2640.2D 9.2. [Components shall:] Develop and maintain 
site plans that detail responses to emergencies for IT facilities. 

Pass 


(U) DOJ 2640.2D 9.3. [Components shall:] Test 
contingency/business resumption plans annually or as soon as 
possible after a significant change to the environment, that would 
alter the in-place assessed risk. 

Pass 


(U) MIOG 35-9.4.4(3): Executable software authorized to run on an 
FBI ADPT system shall be identified in the system security plan. 
The level of protection must be commensurate with the sensitivity 
of the information processed. At a minimum, such media should 
be backed up and stored physically separated from the system or 
at an off-site location. 

Pass 
Pass/Fail 

Comment 

MIOG 35-9.4.4(3): requires that safeguards must be in place to detect 
and minimize inadvertent or malicious modification or destruction of 
an ADPT system's application software, operating system software, 
and critical data files. The safeguards should achieve the integrity 
objectives and should be documented in the system security plan. 

Pass 


DOJ 2640.2D 8. Component IT systems shall be examined for 
security prior to being placed into operation. All IT systems shall 
have safeguards in place to detect and minimize inadvertent or 
malicious modifications or destruction of the IT system. 

Pass 
DCID 6/3 Integrty2: Data and software storage integrity protection, 
including the use of strong integrity mechanisms (e.g., integrity locks, 
encryption). 

Pass 


DCID 6/3 Integrty3: Integrity, including the implementation of 
specific non-repudiation capabilities (e.g., digital signatures), if 
mission accomplishment requires non-repudiation. 

N/A 
(U) MIOG 35-9.4.4(5): Use of software shall comply with copyright laws. 

Pass 


(U) MIOG 35-9.4.5(4): Vendor diagnostic software must be scanned, 
write-protected, and retained by the Computer Specialist. Only this copy of the 
software may be used on FBI ADPT systems. 

Pass 


(U) DOJ 2640.2D 10. Components shall establish procedures to ensure that 
computer software installed on component IT systems is in compliance with 
applicable copyright laws and is incorporated into the system's life cycle 

Pass 


MIOG 35-6(4) Connectivity is prohibited between internal FBI 
ADPT systems and all other systems or networks not covered under 
the FBI's management authority without approval of the FBI 
accrediting authority. 

N/A 


MIOG 35-9.3.1(6) Interconnections between sensitive and 
classified FBI ADPT systems and non-FBI ADPT systems must be 
established through controlled interfaces. The ADPT Security Officer 
must be consulted for guidance on establishing controlled interfaces. 
The controlled interfaces used in an ADPT system implemented as a 
network shall be accredited at the highest classification level and most 
restrictive classification category of information on the network. 

N/A 
Requirement 

Pass/Fail 

Comment 

(U) MIOG 35-9.4.7: The ISAs and POCs must be able to identify all 
equipment processing storing or transmitting classified information 
whether operating as part of a network or in a standalone mode of 
operation. This requirement is in addition to the hardware and 
software inventory requirements stated in MIOG Part II Section 
16-18.9. 

Pass 
Pass/Fail 

Comment 

(U) DOJ 2640.2D 16.e. [Access controls shall be in place and operational for 
all Department IT systems to:] Enforce separation of duties based on roles and 
responsibilities. 

Pass 


(U) DOJ 2640.2D 16.f. [Access controls shall be in place and operational for 
all Department IT systems to:] Protect the system, its data and applications, 
from unauthorized disclosure, modification, or erasure. 

Fail 

Telnet login in the clear and address cited in the router 
and access list. 

(U) DOJ 2640.2D 16.g. [Access controls shall be in place and operational for 
all Department IT systems to:] For systems operating in the system high mode 
of operation, the system security features must have the technical ability to 
restrict the user’s access to only that information which is necessary for 
operations and for which the user has a need-to-know. 

Pass 
Date Tested 

Requirement 

Pass/Fail 

Comment 

(U) DOJ 2640.2D 7.h. Accreditations with conditions shall not be granted if 
system or application vulnerabilities permit the following: 

(1) Breaches to the confidentiality and integrity functions of the system or 
application and its data. 

Pass 


(U) DOJ 2640.2D 16.e. [Access controls shall be in place and operational for 
all Department IT systems to:] Enforce separation of duties based on roles and 
responsibilities. 

Pass 


(U) DOJ 2640.2D 16.f. [Access controls shall be in place and operational for 
all Department IT systems to:] Protect the system, its data and applications, 
from unauthorized disclosure, modification, or erasure. 

Pass 


(U) DOJ 2640.2D 16.g. [Access controls shall be in place and operational for 
all Department IT systems to:] For systems operating in the system high mode 
of operation, the system security features must have the technical ability to 
restrict the user's access to only that information which is necessary for 
operations and for which the user has a need-to-know. 

Pass 
Comment 

(U) MIOG 35-9.3.1(1): Prior to March 6, 2000, ADPT systems used for the 
processing of classified or sensitive information in the System High Security 
mode of operation must have the functionality of the C2 level of trust defined in 
the Department of Defense (DoD) 5200.28-STD, “Department of Defense 
Trusted Computer System Evaluation Criteria.” The Trusted Network 
Interpretation of the Trusted Computer System Evaluation Criteria, National 
Computer Security Center Technical Guide 005 (NSC-TG-005), provided 
guidance on achieving C2 functionality in a network. On October 8, 1999, the 
National Security Agency issued the "Controlled Access Protection Profile 
(CAPP)” to replace the C2 standard. All future procurements of DOJ computer 
systems operating in System High Security Mode MUST meet CAPP security 
requirements from the above date forward. 

Pass 


(U) MIOG 35-9.3.1(4)(e): Access Control: For systems operating in the 
Systems High Security Mode of Operation, access control may be implemented 
through discretionary access control techniques through measures such as file 
passwords, access control lists, disk encryption or other techniques, as defined 
in the approved system security plan. 

Pass 
Comment 

(U) DOJ 2640.2D 16.8. [Access controls shall be in place and 
operational for all Department IT systems to:] Enable the use of 
resources such as data and programs necessary to fulfill job 
responsibilities and no more. 

Pass 


(U) DOJ 2640.2D 16.e. [Access controls shall be in place and 
operational for all Department IT systems to:] Enforce separation of 
duties based on roles and responsibilities. 

Pass 


(U) DOJ 2640.2D 16.f. [Access controls shall be in place and 
operational for all Department IT systems to:] Protect the system, its 
data and applications, from unauthorized disclosure, modification, or 
erasure. 
Pass 


(U) DOJ 2640.2D 16.g. [Access controls shall be in place and 
operational for all Department IT systems to:] For systems operating 
in the system high mode of operation, the system security features 
must have the technical ability to restrict the user's access to only that 
information which is necessary for operations and for which the user 
has a need-to-know. 

Pass 
Comment 

(U) MIOG 35-9.3.1(1): Prior to March 6, 2000, ADPT systems used 
for the processing of classified or sensitive information in the System 
High Security mode of operation must have the functionality of the 
C2 level of trust defined in the Department of Defense (DoD) 
5200.28-STD, “Department of Defense Trusted Computer System 
Evaluation Criteria.” The Trusted Network Interpretation of the 
Trusted Computer System Evaluation Criteria, National Computer 
Security Center Technical Guide 005 (NSC-TG-005), provided 
guidance on achieving C2 functionality in a network. On October 8, 
1999, the National Security Agency issued the "Controlled Access 
Protection Profile (CAPP)" to replace the C2 standard. All future 
procurements of DOJ computer systems operating in System High 
Security Mode MUST meet CAPP security requirements from the 
above date forward. 

Pass 


(U) MIOG 35-9.3.1(4)(e): Access Control: For systems operating in 
the Systems High Security Mode of Operation, access control may be 
implemented through discretionary access control techniques through 
measures such as file passwords, access control lists, disk encryption 
or other techniques, as defined in the approved system security plan. 

Pass 




WINDOWS 2000 SYSTEM POLICIES 



b2 

b7E 



Requirement 

Pass/Fail 

Comment 

(U) MIOG 35-9.3.1(4)(a): User Identification: The ADPT system 
shall control and limit user access based on identification and 
authentication of the user. The identity of each user will be 
established positively before authorizing access. User identification 
and password systems support the minimum requirements of access 
control, least privilege, and system integrity. 

Pass 


(U) MIOG 35-9.3.1(4)(b): Authentication: For ADPT systems 
requiring authentication controls the ADPT system shall ensure that 
each user of the ADPT system is authenticated before access is 
permitted. Currently use of a password system is the preferred 
method for authenticating users of FBI ADPT systems. More 
sophisticated authentication techniques such as retina scanners or 
voice recognition systems must be cost-justified through the risk 
analysis process. If passwords are selected as the authentication 
mechanism passwords will be authenticated each time they are used. 
FIPS PUB 83 provides standards for authentication. 

Fail 

Password restrictions are lacking. 
Pass/Fail 

Comment 

(U) MIOG 35-9.3.1(4)(e): Access Control - For systems operating in 
the System High Security Mode of Operation, this may be 
implemented with discretionary access control techniques; through 
measures such as file passwords, access control lists, disk encryption 
or other techniques, as defined in the approved system security plan. 
For ADPT systems operating in the compartmented or multilevel 
security mode, mandatory access control (MAC) is required. MAC is 
a means of restricting access to information based on labels. A user's 
label indicates what information the user is permitted to access and 
the type of access (e.g., read or write) that the user is allowed to 
perform. An object's label indicates the sensitivity of the information 
that the object contains. A user’s label must meet specific criteria 
defined by MAC policy in order for the user to be permitted access 
to a labeled object. This type of access control is always enforced 
above any discretionary controls implemented by users. Printed: 
01/16/96. 

Pass 


(U) MIOG 35-9.4.2(2)(d): User accounts that have been inactive for 
over 90 days will be suspended. The person responsible for 
administering the access control mechanism is authorized to reinstate 
such accounts up to 180 days overall. User accounts that have been 
inactive for 180 days will be deleted and may only be reissued by the 
person authorized to approve access who is identified in the access 
control criteria and only to an individual who has been authorized 
access. 

Pass 


(U) DOJ 2640.2D 18.a. [Department IT systems that use passwords 
as the means for authentication shall implement at least the following 
minimum features:] Require the system administrator to issue initial 
passwords. 

Pass 
Comment 

(U) DOJ 2640.2D 18.b. [Department IT systems that use passwords 
as the means for authentication shall implement at least the following 
minimum features:] Require technical implementation to support the 
following: 

(1) An eight-character password composed of at least three 
of the following, English uppercase, English lower case, numerics, 
special characters. 

Fail 


(2) Prevent the use of the previous six passwords. 

Fail 


(3) Prevent the display of a clear text password. 

Pass 


(4) Limit password lifetime to a maximum of 90 days. 

Pass 


(5) Expire an initial use password at the time of its first use 
in a manner that requires the password owner to supply a new 
password. 

Fail 


(U) DOJ 2640.2D 18.g. [Department IT systems that use passwords 
as the means for authentication shall implement at least the following 
minimum features:] Disable user accounts after no more than four 
consecutive invalid attempts are made to supply a password, and 
require the reinstatement of a disabled user account by an 
administrator. 

Pass 
Pass/Fail 

Comment 

DOJ 2640.2D 17.c. [Department systems shall:] Comply with the 
Department password management policy. 

Fail 

Does not comply with DOJ standards. 

DOJ 2640.2D 18.b. [Department IT systems that use passwords as 
the means for authentication shall implement at least the following 
minimum features:] Require technical implementation to support the 
following: 

(1) An eight-character password composed of at least three of 
the following, English uppercase, English lower case, 
numeric, special characters. 

(2) Prevent the use of the previous six passwords. 

(3) Prevent the display of a clear text password. 

(4) Limit password lifetime to a maximum of 90 days. 

(5) Expire an initial use password at the time of its first use in 
a manner that requires the password owner to supply a new 
password. 

Fail 

Password does not expire (e.g. DCSgod). 
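
An added example, not part of the original report: one way to check the DOJ 2640.2D 18.b and 18.g items quoted above, both when a password is changed and when account settings are audited. The `AccountSettings` record, its field names and the sample accounts are hypothetical; "eight-character" is read as a minimum length and "special characters" as ASCII punctuation, both assumptions.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

# Assumption: "special characters" means ASCII punctuation.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)

def meets_18b1(password: str) -> bool:
    """18.b(1): at least eight characters from three of the four classes."""
    used = sum(any(ch in cls for ch in password) for cls in CLASSES)
    return len(password) >= 8 and used >= 3

def _digest(password: str, salt: bytes) -> bytes:
    # History is kept as salted PBKDF2 digests, never as clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history: list, password: str) -> list:
    """Append the new password's digest and keep only the last six."""
    salt = os.urandom(16)
    return (history + [(salt, _digest(password, salt))])[-6:]

def violates_18b2(history: list, candidate: str) -> bool:
    """18.b(2): True if candidate matches one of the previous six passwords."""
    return any(hmac.compare_digest(_digest(candidate, salt), digest)
               for salt, digest in history[-6:])

@dataclass
class AccountSettings:          # hypothetical per-account settings record
    name: str
    min_length: int
    complexity_enforced: bool
    history_depth: int
    max_age_days: int           # 0 means the password never expires
    initial_must_change: bool
    lockout_threshold: int      # 0 means accounts are never disabled

def audit(a: AccountSettings) -> list:
    """Return the requirement items this account's settings fail."""
    failed = []
    if a.min_length < 8 or not a.complexity_enforced:
        failed.append("18.b(1)")
    if a.history_depth < 6:
        failed.append("18.b(2)")
    if a.max_age_days == 0 or a.max_age_days > 90:
        failed.append("18.b(4)")
    if not a.initial_must_change:
        failed.append("18.b(5)")
    if a.lockout_threshold == 0 or a.lockout_threshold > 4:
        failed.append("18.g")
    return failed

# Constructed sample accounts, not taken from the report.
SAMPLE = [
    AccountSettings("acct-a", 6, False, 0, 0, False, 4),
    AccountSettings("acct-b", 8, True, 6, 90, True, 4),
]

if __name__ == "__main__":
    for acct in SAMPLE:
        print(acct.name, audit(acct) or "compliant")
```
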
Case ID #: 319U-HQ-1487677-SECD-300 


Title: IT SYSTEMS SECURITY RISK ANALYSES 

INFORMATION ASSURANCE SECTION (IAS) 
CERTIFICATION UNIT (CU) 

DIGITAL COLLECTION SYSTEM-3000 (DCS-3000) 
SECURITY TEST REPORT 


Synopsis: Certification Unit’s validation findings conducted on the 
DCS-3000 Risk Management Matrix (RMM), dated 26 May, 2006. 

Reference: (1) 319U-HQ-1487677-SECD-275 

Administrative: Additional References: 

(2) DCS-3000 System Security Plan (SSP) (U//FOUO), 
dated 28 April, 2006 

(3) DCS 3000 Risk Management Matrix (RMM) 
(U//FOUO), dated 5 November, 2002 

(4) DCS 3000 Certification Executive Summary 
Report (U//FOUO), dated 26 May, 2006 

Details: In order to facilitate the decision to re-accredit the DCS- 
3000 system, the Accreditation Unit (AU) requested that Certification 
Unit validate the eight (8) findings documented in Reference (3) as 
being properly mitigated or closed. 

In accordance with the FBI Certification and Accreditation 
Handbook, the DCS-3000 system has been assessed as a Tier Level 2 with 
levels of concern (LOC) of Medium for Confidentiality, Integrity, and 
Availability. The DCS-3000 system is a Sensitive But Unclassified 
(SBU) system operating in the System High Mode of Operation Reference 
(1). 


To: Security From: Security 
Re: 319U-HQ-1487677-SECD 05/31/2006 


Enterprise Security Operations Center (ESOC) Testing 
personnel assisted Certification Unit by performing validation of the 
eight (8) findings identified in the RMM Reference (3). The results 
of the validation testing are in the Certification Executive Summary 
Report Reference (4). Validation results concluded that three (3) of 
the six (6) were corrected. One (1) vulnerability was found to be a 
false finding. The last finding, lack of the 

has not been corrected or mitigated. 


Certification testing on the DCS-3000 system was performed 
during an initial C&A effort four years ago. Due to the age of the 
previous Certification assessment, as well as proposed changes to the 
current architecture, the Certifier recommends that full Certification 
testing be performed on the DCS-3000 system. 

LEAD(s): 

Set Lead 1: (Action) 

SECURITY 

AT WASHINGTON, DC 

Attn: Accreditation Unit. Coordinate the accreditation 
decision for the DCS-3000 System. 

Set Lead 2: (Info) 